diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 000fb7c2a..a826b4a07 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -57,7 +57,7 @@ class Admin::UsersController < Admin::AdminController
 end
 def refresh_browsers
- MessageBus.publish "/file-change", ["refresh"], user_ids: [@user.id]
+ refresh_browser @user
 render nothing: true
 end
@@ -131,6 +131,7 @@ class Admin::UsersController < Admin::AdminController
 def deactivate
 guardian.ensure_can_deactivate!(@user)
 @user.deactivate
+ refresh_browser @user
 render nothing: true
 end
@@ -182,4 +183,8 @@ class Admin::UsersController < Admin::AdminController
 @user = User.where(id: params[:user_id]).first
 end
+ def refresh_browser(user)
+ MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
+ end
+ end
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 0533ac4ae..ef14ab1bc 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -82,7 +82,7 @@ class SessionController < ApplicationController
 return
 end
- user.email_confirmed? ? login(user) : not_activated(user)
+ (user.active && user.email_confirmed?) ? login(user) : not_activated(user)
 end
 def forgot_password
diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 4523e5d14..6752b45b0 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -27,7 +27,7 @@ class Auth::DefaultCurrentUserProvider
 current_user = User.where(auth_token: auth_token).first
 end
- if current_user && current_user.suspended?
+ if current_user && (current_user.suspended? || !current_user.active)
 current_user = nil
 end
diff --git a/lib/guardian.rb b/lib/guardian.rb
index 735166977..607e79dee 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
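Review bot: The `refresh_browser @user` call added to `deactivate` in app/controllers/admin/users_controller.rb is easy to misread as the step that ends the user's session. As written it only publishes a refresh message to that user's open clients; the access decision is made server-side by the check in Auth::DefaultCurrentUserProvider that this same commit extends. A one-line comment above the call would record that, e.g. `# nudges open tabs to reload; access itself is denied by the current-user provider`. The publish also runs after `@user.deactivate`, so if it raises, the admin sees an error although the account is already deactivated.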
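Review bot: The new `refresh_browser(user)` helper at the end of Admin::UsersController is appended after the method that loads `@user`, and the hunk does not show whether a `private` keyword precedes that point (the class body starts outside the hunk). Public methods on a Rails controller are candidate actions, so it is worth confirming the helper lands in the private section. A short comment such as `# Asks the given user's connected clients to reload via MessageBus.` would also help, since the channel name "/file-change" says nothing about why it is used for account state changes.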
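Review bot: In SessionController the changed line sends an admin-deactivated account into `not_activated(user)`, the same branch as a sign-up that never confirmed its e-mail, and only after the password has been accepted. `not_activated` is defined outside this hunk; if it offers to resend the activation mail or records a pending activation in the session, the user could undo the admin's deactivation unaided, so confirm that this is the intended meaning of "deactivate". Whichever is intended, a comment above the line should say so, for example `# inactive accounts, including admin-deactivated ones, take the not-activated path`. The surrounding method starts outside the hunk.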
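Review bot: In Auth::DefaultCurrentUserProvider the inactive check is applied to the user resolved from `auth_token`, but the method continues past the end of this hunk, so any branch that assigns `current_user` after this point (an API-key lookup, if one exists) would bypass it; please verify that every path goes through the check. The token itself is left unchanged, so cookies issued before deactivation start working again once the account is reactivated; if that is not wanted, the token should be rotated when the account is deactivated. No spec for this file appears in the visible diff; an example asserting that a user with `active` false and a valid `auth_token` resolves to no current user would pin the behaviour.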
@@ -134,7 +134,10 @@ class Guardian
 def can_approve?(target)
 is_staff? && target && not(target.approved?)
 end
- alias :can_activate? :can_approve?
+
+ def can_activate?(target)
+ is_staff? && target && not(target.active?)
+ end
 def can_suspend?(user)
 user && is_staff? && user.regular?
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 2bc5e7426..a5d44e044 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -195,6 +195,14 @@ describe SessionController do
 end
 end
+ describe 'deactivated user' do
+ it 'should return an error' do
+ User.any_instance.stubs(:active).returns(false)
+ xhr :post, :create, login: user.username, password: 'myawesomepassword'
+ expect(JSON.parse(response.body)['error']).to eq(I18n.t('login.not_activated'))
+ end
+ end
+ describe 'success by username' do
 it 'logs in correctly' do
 xhr :post, :create, login: user.username, password: 'myawesomepassword'
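Review bot: `Guardian#can_activate?` no longer shares the condition of `can_approve?`, so any caller that relied on the old alias now gets an answer based on `active?` rather than `approved?`, and no guardian spec in the visible diff pins the new rule. Examples for a nil target, a non-staff actor and an already active target would cover the three terms of the expression. A comment above the method would document the permission, e.g. `# Staff may activate a user whose account is not currently active.`. The keyword form `not(target.active?)` mirrors the neighbouring method; `!target.active?` is the more usual spelling if the file is ever tidied.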
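Review bot: The new 'deactivated user' example in session_controller_spec.rb checks only the error text, so it would still pass if `create` established a session and also returned that message; it should additionally assert that no session or auth cookie was set for the user. `User.any_instance.stubs(:active)` replaces the reader on every User rather than exercising a real deactivated record, and it ties the test to the exact reader name the controller happens to call, whereas Guardian in this commit uses `active?`. Putting the record itself into the inactive state before the request, for instance with the `deactivate` method that Admin::UsersController calls, would be sturdier. The description string would read better as `'returns the not-activated error'`.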